Check Link Hook
This example demonstrates how to process outgoing NHRP traffic in a scenario using one Tunnel with GRE encapsulation.
Test Marks In NHRP Traffic
Description
In this scenario, a traffic policy was configured
to log outgoing NHRP traffic, which is non-IP Layer
3 protocol. The special hook link-out can be
used to process these outgoing frames.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.10/24 set interfaces tunnel tun0 address 10.0.0.1/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.10 set interfaces tunnel tun0 nhrp set interfaces tunnel tun0 traffic policy link-in LOG_NHRP set interfaces tunnel tun0 traffic policy link-out LOG_NHRP set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy LOG_NHRP rule 1 log prefix NHRP__ set traffic policy LOG_NHRP rule 1 selector NHRP_SEL set traffic selector NHRP_SEL rule 1 ether-type 8193
Note
NHRP packets use ethertype 8193 (0x2001).
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.20/24 set interfaces tunnel tun0 address 10.0.0.2/32 set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 local-address 192.168.100.20 set interfaces tunnel tun0 nhrp holdtime 5 set interfaces tunnel tun0 nhrp nhs 10.0.0.1 nbma 192.168.100.10 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command protocols ip show nhrp at DUT0 and check if output matches the following regular expressions:
tun0\s+dynamic\s+10\.0\.0\.2Show output
Iface Type Protocol NBMA Claimed NBMA Expires(s) Flags Identity tun0 local 10.0.0.1 192.168.100.10 192.168.100.10 - - tun0 dynamic 10.0.0.2 192.168.100.20 192.168.100.20 5 UT
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
\[NHRP__-1\] ACCEPT IN=tun0 OUT=\w+ \[NHRP__-1\] ACCEPT IN= OUT=tun0Show output
Mar 20 10:07:55.316542 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.4M, max 17.2M, 14.8M free. Mar 20 10:07:55.317026 osdx systemd-journald[2054]: Received client request to rotate journal, rotating. Mar 20 10:07:55.317056 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 10:07:55.329840 osdx OSDxCLI[143587]: User 'admin' executed a new command: 'system journal clear'. Mar 20 10:07:55.542880 osdx OSDxCLI[143587]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 10:07:55.881739 osdx OSDxCLI[143587]: User 'admin' entered the configuration menu. Mar 20 10:07:55.964658 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.10/24'. Mar 20 10:07:56.053605 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 traffic policy link-out LOG_NHRP'. Mar 20 10:07:56.144491 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 traffic policy link-in LOG_NHRP'. Mar 20 10:07:56.213920 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 address 10.0.0.1/32'. Mar 20 10:07:56.307644 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 encapsulation gre'. Mar 20 10:07:56.371929 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 local-address 192.168.100.10'. Mar 20 10:07:56.469354 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set interfaces tunnel tun0 nhrp'. Mar 20 10:07:56.536505 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set traffic policy LOG_NHRP rule 1 log prefix NHRP__'. Mar 20 10:07:56.646157 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set traffic policy LOG_NHRP rule 1 selector NHRP_SEL'. Mar 20 10:07:56.708986 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'set traffic selector NHRP_SEL rule 1 ether-type 8193'. Mar 20 10:07:56.817924 osdx OSDxCLI[143587]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:07:56.888888 osdx ubnt-cfgd[171138]: inactive Mar 20 10:07:56.965079 osdx systemd[1]: Reloading frr.service - FRRouting... Mar 20 10:07:56.981051 osdx watchfrr[171013]: [NG1AJ-FP2TQ] Terminating on signal Mar 20 10:07:57.082128 osdx frrinit.sh[171168]: Stopped watchfrr. Mar 20 10:07:57.083082 osdx frrinit.sh[171168]: Starting watchfrr with command: ' /usr/lib/frr/watchfrr -d --min-restart-interval 1 --max-restart-interval 600 --timeout 600 --restart-timeout 600 zebra mgmtd nhrpd staticd'. Mar 20 10:07:57.089399 osdx watchfrr[171186]: [T83RR-8SM5G] watchfrr 10.4.1 starting: vty@0 Mar 20 10:07:57.089443 osdx watchfrr[171186]: [QDG3Y-BY5TN] zebra state -> up : connect succeeded Mar 20 10:07:57.089467 osdx watchfrr[171186]: [QDG3Y-BY5TN] mgmtd state -> up : connect succeeded Mar 20 10:07:57.089497 osdx watchfrr[171186]: [ZCJ3S-SPH5S] nhrpd state -> down : initial connection attempt failed Mar 20 10:07:57.089500 osdx watchfrr[171186]: [QDG3Y-BY5TN] staticd state -> up : connect succeeded Mar 20 10:07:57.089875 osdx watchfrr[171186]: [YFT0P-5Q5YX] Forked background command [pid 171187]: /usr/lib/frr/watchfrr.sh restart nhrpd Mar 20 10:07:57.093798 osdx frrinit.sh[171187]: Cannot stop nhrpd: pid file not found Mar 20 10:07:57.094668 osdx watchfrr.sh[171192]: Cannot stop nhrpd: pid file not found Mar 20 10:07:57.108635 osdx zebra[1773]: [V98V0-MTWPF] client 36 says hello and bids fair to announce only nhrp routes vrf=0 Mar 20 10:07:57.117811 osdx watchfrr[171186]: [QDG3Y-BY5TN] nhrpd state -> up : connect succeeded Mar 20 10:07:57.117820 osdx watchfrr[171186]: [KWE5Q-QNGFC] all daemons up, doing startup-complete notify Mar 20 10:07:57.118380 osdx frrinit.sh[171197]: sh: line 1: ipsec: command not found Mar 20 10:07:57.118560 osdx frrinit.sh[171168]: Started watchfrr. Mar 20 10:07:57.219331 osdx systemd[1]: Reloaded frr.service - FRRouting. Mar 20 10:07:57.252740 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 10:07:57.298828 osdx WARNING[171290]: No supported link modes on interface eth0 Mar 20 10:07:57.300104 osdx modulelauncher[171290]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:07:57.300115 osdx modulelauncher[171290]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 10:07:57.301202 osdx modulelauncher[171290]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:07:57.301210 osdx modulelauncher[171290]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 10:07:57.323459 osdx (udev-worker)[171318]: Network interface NamePolicy= disabled on kernel command line. Mar 20 10:07:57.764402 osdx cfgd[1833]: [143587]Completed change to active configuration Mar 20 10:07:57.778126 osdx OSDxCLI[143587]: User 'admin' committed the configuration. Mar 20 10:07:57.797940 osdx OSDxCLI[143587]: User 'admin' left the configuration menu. Mar 20 10:07:59.252982 osdx OSDxCLI[143587]: User 'admin' executed a new command: 'protocols ip show nhrp'. Mar 20 10:08:00.108747 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT= MAC=45:00:00:74:c3:c0:40:00:40:2f:2d:2b:c0:a8:64:14:c0:a8:64:0a:00:00:20:01 Mar 20 10:08:00.108827 osdx kernel: [NHRP__-1] ACCEPT IN= OUT=tun0 MAC=45:01:00:00:00:00:40:00:40:2f:00:00:c0:a8:64:0a:c0:a8:64:14:00:00:20:01 Mar 20 10:08:00.108837 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT=eth0 MAC=00:01:08:00:00:00:00:00:00:40:00:70:2b:43:00:34:01:04:04:00:04:04:00:02 Mar 20 10:08:01.107216 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT= MAC=45:00:00:74:c4:04:40:00:40:2f:2c:e7:c0:a8:64:14:c0:a8:64:0a:00:00:20:01 Mar 20 10:08:01.107323 osdx kernel: [NHRP__-1] ACCEPT IN= OUT=tun0 MAC=45:01:00:00:00:00:40:00:40:2f:00:00:c0:a8:64:0a:c0:a8:64:14:00:00:20:01 Mar 20 10:08:01.107335 osdx kernel: [NHRP__-1] ACCEPT IN=tun0 OUT=eth0 MAC=00:01:08:00:00:00:00:00:00:40:00:70:2b:42:00:34:01:04:04:00:04:04:00:02 Mar 20 10:08:01.324380 osdx OSDxCLI[143587]: User 'admin' executed a new command: 'protocols ip show nhrp'.
Step 5: Run command traffic policy show at DUT0 and check if output matches the following regular expressions:
1\s+NHRP_SEL\s+\b[^0]\d*Show output
Policy LOG_NHRP -- ifc tun0 -- hook link-in prio very-high --------------------------------------------------------------- rule selector pkts match pkts eval bytes match bytes eval --------------------------------------------------------------- 1 NHRP_SEL 4 4 456 456 --------------------------------------------------------------- Total 4 4 456 456 Policy LOG_NHRP -- ifc tun0 -- hook link-out prio very-high --------------------------------------------------------------- rule selector pkts match pkts eval bytes match bytes eval --------------------------------------------------------------- 1 NHRP_SEL 2 2 272 272 --------------------------------------------------------------- Total 2 2 272 272